Re: [fwd: my comments to the SPAN list]

To: David Conrad < >
From: Patrik F�ltstr�m < >
Date: Thu, 24 Oct 2002 12:09:33 +0200
Cc: Lawrence Conroy < >
Stastny Richard < >
Jim Reid < >
< >
< >

On torsdag, okt 24, 2002, at 11:34 Europe/Stockholm, David Conrad wrote:

On 10/24/02 2:26 AM, "Lawrence Conroy" lwc@localhost wrote:

DNAME sure looks like a natural solution. The fact that it *was*
seen as being tied up with A6 RRs doesn't mean that it's dangerous.

Right.  DNAME is actually pretty useful.

The only reason I think it is dangerous is that if it is used for "permanent" solutions (as compared with "temporary", it will make administration harder and harder. Just like soft links in a unix system is a perfect tool for some things, but over time they "rotten" and more and more of them end up being stale handles. This because there is no backward reference, so when you change a domain name, you don't know what DNAME's refer to this domain name.

Also, DNAME make the resolution slower to some degree as it forces a restart of the lookup, which when adding DNSSEC will not make things faster.

So, when I have said "don't use DNAME", I really mean "do not use DNAME unless you are 100% sure you don't have any other tool".

Yes, it is useful, but one can also shoot oneself in the foot with it by not having proper admin tools which keep track of them.

paf

Post To The List:

References:
- Re: [fwd: my comments to the SPAN list]
  - From: David Conrad

<<< Chronological >>>

Author Subject

<<< Threads >>>